Untitled

a guest
Jun 9th, 2011
  # Export of the /ip firewall section of a RouterOS 5.4 device: address lists,
  # connection tracking, input-chain filter rules, NAT rules and NAT helpers.
  # Lines starting with "# NOTE(review)" are review annotations, not part of the export.
  1. /ip firewall export
  2. # jan/02/1970 03:47:17 by RouterOS 5.4
  # NOTE(review): the 1970 export date suggests the router clock was not set;
  # if so, entries written by the log rules below carry unreliable timestamps.
  # Confirm the clock/NTP configuration.
  3. # software id = 3XIZ-7GSZ
  # NOTE(review): the export includes a device identifier, internal addressing and
  # the full rule layout; redact these before sharing a configuration publicly.
  4. #
  5. /ip firewall address-list
  # "vpn" list: one private /16 and one public address. The /16 also covers the
  # 192.168.53.x and 192.168.88.254 addresses used in the NAT rules below.
  6. add address=192.168.0.0/16 disabled=no list=vpn
  7. add address=184.123.123.123 disabled=no list=vpn
  # Connection-tracking timeouts. tcp-syncookie is off.
  # NOTE(review): with TCP services published on ether1-gateway, consider whether
  # tcp-syncookie=yes is appropriate for this device.
  8. /ip firewall connection tracking
  9. set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
  10. tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
  # Filter rules. Every rule below is in chain=input (traffic addressed to the
  # router itself) and rules are evaluated top to bottom.
  # NOTE(review): this export contains no chain=forward rules, so traffic routed
  # through the router (including the dst-nat'ed services below) is not filtered here.
  11. /ip firewall filter
  # Accepts all ICMP on every interface; no rate limit is applied.
  12. add action=accept chain=input comment="Allow Ping" disabled=no protocol=icmp
  # Accepts anything whose source address is in the "vpn" list.
  # NOTE(review): there is no in-interface match, so the rule trusts the source
  # address alone on every interface, including ether1-gateway. Consider binding it
  # to the tunnel/LAN interface, or dropping 192.168.0.0/16 sources that arrive on
  # ether1-gateway before this rule.
  13. add action=accept chain=input comment="Allow VPN" disabled=no src-address-list=vpn
  # Despite the "Allow NAT" label these two rules accept related/established
  # connections arriving on ether1-gateway (stateful return traffic).
  # NOTE(review): no rule drops connection-state=invalid.
  14. add action=accept chain=input comment="Allow NAT" connection-state=related disabled=no in-interface=ether1-gateway
  15. add action=accept chain=input comment="Allow NAT" connection-state=established disabled=no in-interface=ether1-gateway
  # NOTE(review): TCP 6502, 443 and 3389 arriving on ether1-gateway are dst-nat'ed
  # below to 192.168.53.x hosts. dst-nat'ed traffic is normally evaluated by the
  # forward chain, not input, so the next two rules probably never see the published
  # traffic and "Log NetOp" likely records no NetOp sessions. If logging those
  # sessions is the intent, the log rule presumably belongs in chain=forward - confirm
  # with the rule counters.
  16. add action=log chain=input comment="Log NetOp" disabled=no dst-port=6502 log-prefix=netop protocol=tcp
  17. add action=accept chain=input comment="Allow Published Services" disabled=no dst-port=6502,443,3389 in-interface=ether1-gateway protocol=tcp
  # Accepts TCP 8291, 80 and 3389 on ether1-gateway from any source address.
  # NOTE(review): the "Publish WebServer" dst-nat for port 80 is disabled below, so
  # port 80 on ether1-gateway reaches the router itself (presumably its web
  # management service - verify under /ip service). Together with 8291 this leaves
  # router management reachable from any source; restrict with a src-address-list of
  # known admin addresses or require the VPN. 3389 duplicates the previous rule.
  18. add action=accept chain=input comment="Allow WinBox Remote" disabled=no dst-port=8291,80,3389 in-interface=ether1-gateway protocol=tcp
  # Logs whatever reaches this point on ether1-gateway, then the next rule drops it.
  # NOTE(review): log-prefix is empty; a non-empty prefix makes these entries easy to
  # filter and alert on.
  19. add action=log chain=input comment="Log All Denied" disabled=no in-interface=ether1-gateway log-prefix=""
  # The drop applies to ether1-gateway only; input on other interfaces that matches
  # no rule above is not dropped by this rule set.
  20. add action=drop chain=input comment="Deny All" disabled=no in-interface=ether1-gateway
  21. /ip firewall nat
  # Exempts 192.168.53.0/24 -> 192.168.0.0/24 from the masquerade rule at the end.
  22. add action=accept chain=srcnat comment="Do Not NAT VPN Tunnel" disabled=no dst-address=192.168.0.0/24 src-address=192.168.53.0/24
  # Disabled: port 80 on ether1-gateway is not forwarded to 192.168.88.254.
  23. add action=dst-nat chain=dstnat comment="Publish WebServer" disabled=yes dst-port=80 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.254 to-ports=80
  # Redirects TCP 80 arriving on "bridge" to local port 8080. Port 8080 is not in the
  # ether1-gateway accept rules above, so "Deny All" covers it on that interface.
  24. add action=redirect chain=dstnat comment="Transparent WebProxy" disabled=no dst-port=80 in-interface=bridge protocol=tcp to-ports=8080
  # NOTE(review): the next three rules publish a hypervisor management port (443),
  # Remote Desktop (3389) and NetOp (6502) to any source address on ether1-gateway.
  # Consider adding src-address-list restrictions or reaching these hosts over the
  # VPN only.
  25. add action=dst-nat chain=dstnat comment="Publish XenCenter" disabled=no dst-port=443 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.53.3 to-ports=443
  26. add action=dst-nat chain=dstnat comment="Publish Remote Desktop" disabled=no dst-port=3389 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.53.13 to-ports=3389
  27. add action=dst-nat chain=dstnat comment="Publish NetOp" disabled=no dst-port=6502 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.53.10 to-ports=6502
  # Source-NATs everything else leaving via ether1-gateway.
  28. add action=masquerade chain=srcnat comment="NAT Local Network" disabled=no out-interface=ether1-gateway
  # NAT helpers: all six are enabled.
  # NOTE(review): disable the helpers for protocols that are not in use to reduce
  # the amount of payload parsing done on forwarded traffic.
  29. /ip firewall service-port
  30. set ftp disabled=no ports=21
  31. set tftp disabled=no ports=69
  32. set irc disabled=no ports=6667
  33. set h323 disabled=no
  34. set sip disabled=no ports=5060,5061
  35. set pptp disabled=no